That's a very different sort of analysis. Ben Hawkes analyzed the cryptographic structure of the update blob on Intel CPUs but didn't analyze the payload because he couldn't decrypt it. The article here reverse engineered the payload on CPUs where it's not encrypted in the first place.
The significance of this achievement is that microcode and its update mechanism has been historically undocumented and hidden from public scrutiny by processor vendors (AMD and Intel in this case), while at the same time the lowest level of abstraction in a computing platform and thus extremely powerful. However it is not unreasonable to consider that well funded state actors have developed microcode exploit technology that would make their control over a system undetectable and impossible to remove. The recent leaks have shown exploits that target hard drive firmware for example.
This is really amazing work. Physically removing layers of the chip to get images of the microcode ROM, inferring stuff from patents, writing their own OS for full control over the chip... wow.
I wonder how much % of my CPU potential performance is given to all this "gimping" done in order to provide state actors a backdoor to every PC and to help the CPU manufacturer recover field servicing costs.
There is a diagram of part of the chip with the microcode engine highlighted. It is about the size of an integer ALU port, it looks like. Much, MUCH smaller than L2 cache.
9 comments
[ 3.1 ms ] story [ 39.9 ms ] threadinertiawar.com/microcode/hawkes_intel_microcode.pdf
I'd be pretty surprised if they were successfully attacking chips through this mechanism. There are so many other devices that are much easier to own.